How to spot and avoid phishing scams

Phishing scams used to be easy to spot because of their incredible claims. Take for example the infamous Nigerian prince scam, which asks victims to disclose financial information so that the royal prince may purportedly deposit his overflowing cash into their bank accounts. But as netizens grew smarter in spotting scams over time, phishing masterminds also came up with more sophisticated schemes. Instead of using far-fetched scenarios, modern phishing scams take advantage of current issues to lure and trick recipients. It’s, therefore, no surprise that COVID-19-related scams are the most widespread at the moment. In a public address, Florida attorney general Ashley Moody warned the public about phishers pretending to be contact tracers to steal citizens’ Social Security numbers and financial information. Phishers are also using the confusion and panic brought by the COVID-19 pandemic to catch victims unaware. In Morristown, New Jersey, for instance, police saw an uptick in scams targeting the elderly during the coronavirus crisis. In these dangerous times where cybercriminals are taking every opportunity to wreak havoc, it’s crucial to be able to identify scams so you don’t become a victim. What are the unmistakable signs of a phishing scam? What makes phishing attacks so successful is that they appear to be from legitimate sources. Scammers often use a real entity’s letterhead, logo, and other information to gain the trust of their target. But however authentic-looking phishing attacks may be, these red flags can help you spot one:

• Generic greetings – Real companies call you by your name and your preferred honorifics instead of the impersonal “Mr./Ms./Mrs.” or “Dear customer”.
• Numbers or alterations in domain names – Legitimate organizations send correspondence using their domain names, which phishers attempt to mimic. Look for alterations in domain emails (like a capital letter “I” that looks like the small letter “l”), misspellings (“Micorsoft” instead of “Microsoft”), or additional numbers (payment@paypal23.com instead of payment@paypal.com).
• Grammatical errors – Misspellings, incorrect or missing punctuation marks, and bad syntax are dead giveaways that an email is a scam, since legitimate businesses and entities have professionally written correspondence.

Phishers often trick you into opening an attachment or clicking on a link by appealing to your sense of urgency or empathy. Some of the most common phishing emails:

• Notify you of suspicious activities or log-in attempts
• Say that your access to a service is expiring and ask you to click a link to avoid its cancellation
• Ask you to update your payment information
• Claim that you need to confirm some personal information
• Urge you to make a donation to a charitable institution
• Instruct you to pay by clicking a link

What should you do if you suspect a phishing attack? If you suspect that you’ve received a phishing scam, do NOT interact with it. Instead, report it to your IT department and concerned authorities such as the Anti-Phishing Working Group and the Federal Trade Commission. However, if you’ve accidentally clicked on a link or downloaded a file from the phishing email, you need to update all your software and run an antivirus scan. Immediately call your IT experts as well so that they can mitigate the effects of the attack. How can you prevent phishing attacks? To thwart phishing attacks, use security software that can catch malicious emails before they even reach your inbox. Make sure that these technologies are updated automatically so they’re always equipped with the newest patches or features to handle new threats. Enforce multifactor authentication (MFA) whenever possible. Even if someone falls prey to a phishing attack and discloses their login credentials, MFA ensures that only authorized users can access confidential information by requiring any user to provide two or more credentials on top of passwords. Finally, educate your workforce in cybersecurity best practices, including how to spot phishing scams. Your staff is your first line of defense, so you should empower them to identify and report potential threats. It also helps to have a cybersecurity protocol, which outlines what employees should do in case of a phishing attack. If your business is located in Hanover, Morristown, or Madison, New Jersey, our IT experts at Online Computers can beef up your cybersecurity to prevent phishing attacks and other cyberthreats from compromising your systems. Get in touch with us today.